﻿<?php
include 'consql.php';
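// Registration handler: checks the Geetest captcha, filters the requested
// user name, inserts the account row, creates the per-user directory and
// appends a line to log.txt.
//
// NOTE(review): the legacy mysql_* API used here has no prepared statements,
// so the name is escaped with mysql_real_escape_string() in addition to the
// character filter. Moving to PDO/mysqli prepared statements is the proper
// fix, but it has to be done together with consql.php and the other pages.
if(isset($_POST["name"])&&isset($_POST["password"])){
	$name=$_POST["name"];
	$password=$_POST["password"];
	$failMsg='<center>注册失败，请稍后再试。</center>';

	// Table prefix, concatenated unescaped into the SQL below.
	// file_get_contents() does not leave an open handle behind.
	// NOTE(review): pre.txt (and log.txt) appear to sit next to this script;
	// confirm they are neither web-readable nor web-writable.
	$pre=(string)file_get_contents("pre.txt");

	require_once('lib/geetestlib.php');
	// NOTE(review): captcha key is hard-coded in source. If this is the
	// secret half of the Geetest key pair, load it from configuration kept
	// outside the web root and rotate it.
	$gtcaptcha_key = "bf8e48b36054d86e62379d2e13470ff6";
	$geetestdemo = new geetestdemo($gtcaptcha_key);
	// Fail closed: without all three Geetest fields the captcha is not passed.
	$validate_response = false;
	if (isset($_POST['geetest_challenge']) && isset($_POST['geetest_validate']) && isset($_POST['geetest_seccode'])) {
		$validate_response = $geetestdemo->geetest_validate($_POST['geetest_challenge'], $_POST['geetest_validate'], $_POST['geetest_seccode']);
	}else{
		echo "use your own captcha validate ";
		// The site's original (non-Geetest) captcha check would go here:
		//$validate_response = your_own_captcha_validate()
	}
	if ($validate_response) {
		echo '验证码正确-->';
	} else {
		echo '<center>那么大的验证码不懂得看？？小心我打死你！QAQ';
		exit;
	}

	// Input filter. Array-valued parameters (name[]=x) are rejected, as is an
	// empty name, which would otherwise resolve "user/$name/index.html" to
	// user/index.html.
	$rejected=!is_string($name)||!is_string($password)||$name==="";
	if(!$rejected){
		// "/" and "\" are refused because the name becomes a directory under
		// user/; the password list is unchanged so it stays consistent with
		// whatever the login page accepts.
		foreach(array("'","`","-","<",">","/","\\") as $ch){
			if(strpos($name,$ch)!==false){
				$rejected=true;
			}
		}
		foreach(array("'","`","-") as $ch){
			if(strpos($password,$ch)!==false){
				$rejected=true;
			}
		}
		// Control characters: keeps CR/LF out of log.txt entries and NUL out
		// of filesystem paths.
		if(preg_match('/[\x00-\x1f\x7f]/',$name)){
			$rejected=true;
		}
	}
	if($rejected){
		echo "<center>请勿尝试SQL注入/XSS劫持！我还不懂你这招？！</center>";
		exit;
	}

	// Dots are rewritten so the name can never contain "." or "..".
	$name=str_ireplace(".","isnot",$name);
	// Escaping relies on the connection character set; presumably consql.php
	// opens the link - confirm it calls mysql_set_charset().
	$safeName=mysql_real_escape_string($name);
	if($safeName===false){
		echo $failMsg;
		exit;
	}
	$cmd=mysql_query("select * from " . $pre . "user where name='$safeName'");
	if($cmd===false){
		// A failed lookup must not be treated as "name is free".
		echo $failMsg;
		exit;
	}
	if($row=mysql_fetch_array($cmd)){
		if($row['name']!=null){
			echo '<center>此用户名已经被注册！请尝试别的~</center>';
			exit;
		}
	}
	// NOTE(review): unsalted MD5 is not a password hash. password_hash() /
	// password_verify() should replace it, together with the login page and
	// the column width; left as-is here so existing accounts keep working.
	$pass=md5($password);
	// NOTE(review): the lookup above and this insert are not atomic; a unique
	// index on the name column is needed to rule out duplicate registrations.
	if(!mysql_query("insert into " . $pre . "user values('$safeName','$pass')")){
		echo $failMsg;
		exit;
	}
	mkdir("user/$name");
	copy("web.html","user/$name/index.html");
	echo '<br/><center><h1>注册成功！</h1><h3>请返回登录。</h3><br/><br/>
	<a href="login.php">登录去~</a>
	';
	// $time is presumably set by lib/time.php - TODO confirm.
	include 'lib/time.php';
	$file=fopen("log.txt","a");
	if($file!==false){
		fwrite($file,"\r\n" . $time . ":'$name' is register.");
		fclose($file);
	}
	exit;
}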


?>